Menu

Sensitive to user experience on mobile ? Think about security !

User, user, user. All strategies for consumer services are user centric. Which is a good plan.. User centric design, usability, user convenience, easy user purchase. The key challenge is to differentiate from other service providers, to ward of the terrible disease of this century : customer churn. Keeping a customer is a big deal. Specially when this user is paying to get a service, which is – obviously – supposed to be exclusive, high quality, guaranteed…. When a company is delivering a high quality paid service to a kind consumer, it may insure that :

i) the user is the one he pretends to be – to make sure it can be billed, ii) the user did not – by accident or intentionally – copied his rights for someone else consumption, and iii) the user does not weaken the service because he runs the service in an uncontrolled environment – e.g. a cracked device, with non protected communication…

And this is where security can help.

Security policies deployed to protect services, can have different flavors. It can rely on temporary or permanent credentials stored in hardware token or software token. It can rely on on-line checking (the user or the device send information to the server and the decision is made checking that this information corresponds to the right user) or offline (the device is robust and trustable enough to make decision offline) . Each of those option does not give the exact same confidence in the service protection. Each of those option does not lead to the same user experience.

Choosing the right technical security is a full time job and has to balance risks and losses – how much are you ready to loose if there is a problem ? But the question which is usually not central in security expert is : how much will I loose if the service does not fly in terms of user experience ? The natural thinking is that security burdens the user. Let’s try to think in a different way the user experience.

Lets analyze an interesting strategy of selected service provider. The ones I want to talk about are the ones who offers different service quality depending on the conditions where the service is delivered. For example media content provider delivers only High Density format to highly secured mobile phone. Or a payment service is as simple as a gesture if it is based on hardware security, while when relying on software security the user will be asked additional security information– birth date, address, answer to personal-stupid question-you-never-remember, …

Having such systematic service quality based on security environment strategy can definitely benefits the mobile industry : service providers better protect their assets, triggering a positive reflex for customers to go for higher security environments. In addition, mobile manufacturers are able to value their investments in security – that usually no one wants to subsidies.

From that, one can deduce two interesting areas for improving high value services deployment on mobile. One . Service providers should definitely make their security expert and service designers discuss together. Two. Service providers should audit conditions where service will be used, grasping any information available about devices, certificate, security certification, rooting state to fine-tune service level.

Two challenging details relying on organizational resistance and few technical progresses…